org.ietf.jgss.GSSManager Java Examples

The following examples show how to use org.ietf.jgss.GSSManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CrossRealm.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #2
Source File: Context.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #3
Source File: KeycloakSPNegoSchemeFactory.java    From keycloak with Apache License 2.0 6 votes vote down vote up
@Override
public ByteArrayHolder run() throws Exception {
    byte[] token = input;
    if (token == null) {
        token = new byte[0];
    }
    GSSManager manager = getManager();
    String httPrincipal = kerberosConfig.getServerPrincipal().replaceFirst("/.*@", "/" + authServer + "@");
    GSSName serverName = manager.createName(httPrincipal, null);
    GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
    gssContext.requestMutualAuth(true);
    gssContext.requestCredDeleg(true);
    byte[] outputToken = gssContext.initSecContext(token, 0, token.length);

    ByteArrayHolder result = new ByteArrayHolder();
    result.bytes = outputToken;
    return result;
}
 
Example #4
Source File: Context.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #5
Source File: Context.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #6
Source File: CrossRealm.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #7
Source File: LifeTimeInSeconds.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
 
Example #8
Source File: MechTokenMissing.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #9
Source File: LifeTimeInSeconds.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
 
Example #10
Source File: TestInfoServersACL.java    From hbase with Apache License 2.0 6 votes vote down vote up
private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
  // Logs in with Kerberos via GSS
  GSSManager gssManager = GSSManager.getInstance();
  // jGSS Kerberos login constant
  Oid oid = new Oid("1.2.840.113554.1.2.2");
  GSSName gssClient = gssManager.createName(clientPrincipal, GSSName.NT_USER_NAME);
  GSSCredential credential = gssManager.createCredential(
      gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);

  Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create()
      .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();

  BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
  credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));

  return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry)
      .setDefaultCredentialsProvider(credentialsProvider).build();
}
 
Example #11
Source File: KrbCredSubKey.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #12
Source File: Context.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #13
Source File: MechTokenMissing.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #14
Source File: KrbCredSubKey.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #15
Source File: MechTokenMissing.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #16
Source File: Context.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #17
Source File: Context.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #18
Source File: SecurityRealmService.java    From wildfly-core with GNU Lesser General Public License v2.1 6 votes vote down vote up
private GSSKerberosCredential getGSSKerberosCredential(final String protocol, final String forHost)
        throws GeneralSecurityException {
    SubjectIdentity subjectIdentity = getSubjectIdentity(protocol, forHost);
    if (subjectIdentity == null) {
        throw ROOT_LOGGER.noSubjectIdentityForProtocolAndHost(protocol, forHost);
    }

    final GSSManager manager = GSSManager.getInstance();
    try {
        GSSCredential gssCredential = Subject.doAs(subjectIdentity.getSubject(),
                (PrivilegedExceptionAction<GSSCredential>) () -> manager.createCredential(null,
                        GSSCredential.DEFAULT_LIFETIME, new Oid[] { KERBEROS_V5, SPNEGO }, GSSCredential.ACCEPT_ONLY));

        return new GSSKerberosCredential(gssCredential);
    } catch (PrivilegedActionException e) {
        throw new GeneralSecurityException(e.getCause());
    }
}
 
Example #19
Source File: JobSubmissionTaskHandler.java    From swift-k with Apache License 2.0 6 votes vote down vote up
private SecurityContext getSecurityContext(Task task)
        throws InvalidSecurityContextException {
    SecurityContext sc = task.getService(0).getSecurityContext();
    if (sc == null) {
        // create default credentials
        sc = new GlobusSecurityContextImpl();
        GSSManager manager = ExtendedGSSManager.getInstance();
        try {
            sc.setCredentials(manager
                .createCredential(GSSCredential.INITIATE_AND_ACCEPT));
        }
        catch (GSSException e) {
            throw new InvalidSecurityContextException(e);
        }
    }
    return sc;
}
 
Example #20
Source File: Context.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #21
Source File: MechTokenMissing.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
 
Example #22
Source File: CrossRealm.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #23
Source File: KrbCredSubKey.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #24
Source File: KrbCredSubKey.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #25
Source File: LifeTimeInSeconds.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
 
Example #26
Source File: LifeTimeInSeconds.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = KDC.DEFAULT_LIFETIME;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
 
Example #27
Source File: KrbCredSubKey.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #28
Source File: Context.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #29
Source File: Context.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #30
Source File: Context.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                if (Context.this.cred == null) {
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        throw pae.getException();
    }
}